<?php

/**
 * 
 *
 * @version $Id: class_session.inc.php,v 1.13 2005/08/01 10:16:40 phppc Exp $
 * @copyright 2004 
 **/

/**
 * session
 * 
 * @package 
 * @author Armin
 * @copyright Copyright (c) 2004
 * @version $Id: class_session.inc.php,v 1.13 2005/08/01 10:16:40 phppc Exp $
 * @access public
 **/
class session extends news{
	var $user_field = "user_name"; // name of the user db field
	var $pw_field = "pw"; // name of the pw db field
	var $id_field = "id"; // name of the id db field
	var $pw_mode = "sql"; // Used mode for secure passwords (sql OR md5)
	var $del_sql = "";
	var $perm_field = "ncp_id"; // name of the permission id db field
	var $user_id = 0; // User-ID of the actual user
	var $user_name = ""; // User name of the actual user
	var $user_array = array(); // array with all needed information available in the db	
	var $perm_id = 0; // ID of the used permissions pack
	var $user_pw_length = 8; // Standard length of a random password
	var $user_act_key_length = 20; // Standard length of an activation key 
		
	/**
	 * session::session_return_pw()
	 * 
	 * @param $password
	 * @return 
	 **/
	function session_return_pw($password) {
		if($this->pw_mode == "sql") $return = "PASSWORD(\"$password\")";
		elseif($this->pw_mode == "md5") $return = "\"".md5($password)."\"";
		return $return;
	}
	/**
	 * session::session_create()
	 * 
	 * @param $user_id
	 * @param integer $set_cookie
	 * @return 
	 **/
	function session_create ($user_id,$set_cookie = 0) {
		srand((double)microtime()*1000000);
  		$this->ncs = md5(uniqid(rand()));
  		$this->user_id = $user_id;
  		$this->db_abfrage_q ("INSERT INTO ".$this->config["db_table_session"]." (session_id,user_id,ip,last_a,rel_pfad) VALUES (\"".$this->ncs."\",\"".$this->user_id."\",\"".$this->config["ip"]."\",\"".$this->config["aktuelle_zeit"]."\",\"".$this->config["akt_rel_pfad"]."\")");
		if ($set_cookie == 1) {
			$verfalls_datum = time() + $this->config["cookie_login_add_time"];
  		    list ($user_pw) = $this->db_abfrage ("SELECT $this->pw_field FROM ".$this->config["db_table_user"]." WHERE id = \"$user_id\"");    
			SetCookie($this->config["uid_var"],"$user_id",$verfalls_datum,"/");
			SetCookie($this->config["upw_var"],"$user_pw",$verfalls_datum,"/");
  		}
	}
	/**
	 * session::session_update()
	 * 
	 * @param string $spec_mode
	 * @return 
	 **/
	function session_update() {
		$this->db_abfrage_q ("UPDATE ".$this->config["db_table_session"]." SET ip = \"".$this->config["ip"]."\", last_a = \"".$this->config["aktuelle_zeit"]."\", rel_pfad = \"".$this->config["akt_rel_pfad"]."\" WHERE session_id = \"".$this->ncs."\" AND ip = \"".$this->config["ip"]."\"");
		if($this->user_id > 0) $this->del_sql = "OR (user_id = \"$this->user_id\" AND session_id != \"$this->ncs\")";
		$this->del_sql = "";
	}
	/**
	 * session::session_use_cookies()
	 * @desc Tries to log in via cookies
	 * @return 
	 **/
	function session_use_cookies () {
		$valid_cookies = 0;
		if(isset($this->config["cookie_uid"]) AND isset($this->config["cookie_upw"])) $valid_cookies = $this->db_anzahl_zeilen("SELECT $this->user_field FROM ".$this->config["db_table_user"]." WHERE $this->pw_field = \"".$this->config["cookie_upw"]."\" AND $this->id_field = \"".$this->config["cookie_uid"]."\"");
		if ($valid_cookies == 1) {
		    $this->session_create($this->config["cookie_uid"]);
		}else $this->ncs = "invalid_cookies";
	}
	/**
	 * session::session_unset()
	 * 
	 * @return 
	 **/
	function session_unset() {
		$zeit = time() - 3600;
		$this->db_abfrage_q ("DELETE FROM ".$this->config["db_table_session"]." WHERE (last_a < $zeit) ".$this->del_sql."");
	}
	/**
	 * session::session_del_cookies()
	 * 
	 * @param $user_id
	 * @return 
	 **/
	function session_del_cookies($user_id) {
		$zeit = time() - $this->config["cookie_login_add_time"];
		SetCookie($this->config["uid_var"],"",$zeit,"/");
		SetCookie($this->config["upw_var"],"",$zeit,"/");
	}
	/**
	 * session::session_do_login()
	 * 
	 * @param $user_name
	 * @param $pw
	 * @param $set_cookie
	 * @param string $return_url
	 * @param string $return_var
	 * @return 
	 **/
	function session_do_login($user_name,$pw,$set_cookie,$return_url = "",$return_var = "") {
		$pw_sql = $this->session_return_pw($pw);
		$valid_login = $this->db_anzahl_zeilen("SELECT user_name FROM ".$this->config["db_table_user"]." WHERE $this->user_field = \"$user_name\" AND $this->pw_field = $pw_sql AND act_key = \"\"");
		if ($valid_login == 1) {
		    list ($this->user_id) = $this->db_abfrage("SELECT $this->id_field FROM ".$this->config["db_table_user"]." WHERE $this->user_field = \"$user_name\" AND $this->pw_field = $pw_sql AND act_key = \"\"");
		    $this->session_create($this->user_id,$set_cookie);
		}
		return $valid_login;
	}
	/**
	 * session::session_logout()
	 * 
	 * @param $session
	 * @return 
	 **/
	function session_logout($session) {
		list ($user_id) = $this->db_abfrage("SELECT user_id FROM ".$this->config["db_table_session"]." WHERE session_id = \"$session\"");
		$this->db_abfrage_q ("DELETE FROM ".$this->config["db_table_session"]." WHERE user_id = \"$user_id\"");
		$this->session_del_cookies($user_id);
	}
	/**
	 * session::session_user_create()
	 * 
	 * @param $user_name
	 * @param $pw
	 * @param $email
	 * @param $perm_id
	 * @param $act_key
	 * @return 
	 **/
	function session_user_create($user_name,$pw,$email,$perm_id,$act_key) {
		$erg = $this->db_abfrage_q ("INSERT ".$this->config["db_table_user"]." (user_name,pw,email,$this->perm_field,act_key) VALUES (\"".$user_name."\",".$this->session_return_pw($pw).",\"".$email."\",\"".$perm_id."\",\"".$act_key."\")");
	}
	/**
	 * session::session_user()
	 * 
	 * @param $mode
	 * @param integer $perm_id
	 * @param integer $uid
	 * @return 
	 **/
	function session_user($mode,$perm_id = 0,$uid = 0) {
		$pwm_change = 0;
		$pw_erweiterung = "";
		$act_key = 0;
		$pw_error = 0;
		if(!isset($_POST["random_pw"])) $_POST["random_pw"] = 0;
		if (($_POST["random_pw"] == 1) OR (($mode == "do_edit" AND $_POST["pw"] == "")) OR ($mode == "regist" AND $this->db_config["pw_mode"] == 0)) $input_array = array("user_name","email");
		else $input_array = array("user_name","email","pw","pw_conf");
		$valid_input = $this->uf_form_conf($input_array);
		$valid_email = $this->fun_email_conf($_POST["email"]);
		if ($valid_input == 1 AND $valid_email == 1) {
		    if ($_POST["random_pw"] == "1") $_POST["pw"] = $this->fun_random_value();
			elseif ($mode == "do_edit" AND $_POST["pw"] == "") $pw_error = 0;
			else {
				if ($_POST["pw"] == $_POST["pw_conf"]) $pwm_change = 1;
				else $pw_error = 1;
			}
			if ($pw_error == 1) $result = "pw_error";
			else $allow_dba = 1;
		}elseif ($valid_input != 1) $result = "invalid_input";
		elseif ($valid_email != 1) $result = "invalid_email";
		if ($allow_dba == 1) {
			if ($mode == "do_edit") {
			 	if ($pwm_change == 1 OR $_POST["random_pw"] == 1) $pw_erweiterung = ", pw = ".$this->session_return_pw($_POST["pw"])."";
				if ($this->perm_array["user_edit_group"] == 1) $group_erweiterung = ",$this->perm_field = \"$perm_id\"";
			    $erg = $this->db_abfrage_q ("UPDATE ".$this->config["db_table_user"]." SET user_name = \"".$_POST["user_name"]."\", email = \"".$_POST["email"]."\"$group_erweiterung$pw_erweiterung WHERE id = \"$uid\"");
				$result = "edit";
			}elseif ($mode == "create_user") {
				$erg = $this->db_abfrage_q ("INSERT INTO ".$this->config["db_table_user"]." (user_name,pw,email,$this->perm_field) VALUES (\"".$_POST["user_name"]."\",".$this->session_return_pw($_POST["pw"]).",\"".$_POST["email"]."\",\"$perm_id\")");
				if($erg) $result = "new";
			}elseif ($mode == "regist"){
				if($this->db_config["pw_mode"] == 0) $_POST["pw"] = $this->fun_random_value(10);
				if($this->db_config["regist_option"] == 3 OR $this->db_config["regist_option"] == 2) $act_key = random_value(10);
				$erg = $this->db_abfrage_q ("INSERT ".$this->config["db_table_user"]." (user_name,pw,email,$this->perm_field,act_key) VALUES (\"".$_POST["user_name"]."\",".$this->session_return_pw($_POST["pw"]).",\"".$_POST["email"]."\",\"$perm_id\",\"$act_key\")");
				if($erg) $result = "regist";
			}
		}
		return array($result,$act_key);
	}
	/**
	 * session::session_start()
	 * 
	 * @return 
	 **/
	function session_start() {
		list ($this->user_id) = $this->db_abfrage("SELECT user_id FROM ".$this->config["db_table_session"]." WHERE session_id = \"$this->ncs\" AND ip = \"".$this->config["ip"]."\"");
		if ($this->user_id > 0) $this->session_update();
		else {
			if(isset($this->config["cookie_uid"])) {
				$this->user_id = $this->config["cookie_uid"];
				$this->session_use_cookies();
			}else $this->ncs = "invalid_cookies";
			if ($this->ncs == "invalid_cookies") {
				$this->session_create(0,0);
				$this->user_id = 0;
			}
		}  
		
		$this->session_unset();
		echo $this->del_sql;
		$erg = $this->db_abfrage_q("SELECT id,$this->user_field,email,$this->perm_field FROM ".$this->config["db_table_user"]."");
		while($db_user = $this->db_abfrage_fetch($erg)){
			$id = $db_user["id"];
			$this->user_array[$id] = array();
			$this->user_array[$id] = $db_user;
		} // while
		if($this->user_id == 0) $this->perm_id = $this->db_config["guest_perm"];
		else $this->perm_id = $this->user_array[$this->user_id][$this->perm_field];
		$this->perm_array = $this->db_abfrage_az("SELECT * FROM ".$this->config["prefix"]."perm WHERE id = \"$this->perm_id\"");
	}
}

?>